Main navigation

pst location

We fielded a recent customer question that made us take another look at what IT organizations need to consider when performing eDiscovery searches or responding to information queries such as Freedom of Information requests.

The question was initially surprising, but when we looked closer, it’s a reasonable one and an area where IT and Legal only intersect when there are problems.

What is ESI?

The term ESI is regularly used in the legal community and is an acronym for Electronically Stored Information – not simply electronically searchable information. The distinction is an important one.

Most legal processes were modelled around paper files – hence the term “discovery.” In 2006 the US judiciary finally addressed burgeoning electronic information discovery, or eDiscovery, by amending the Federal Rules of Civil Procedure (FRCP) to include electronic information. It should be noted that UK courts incorporated rules to handle electronic discovery some years earlier, but the legal community universally regards ESI as “anything stored via electronic means.”

An important distinction about ESI is that nobody, anywhere, has more granular descriptions on what it is, how it’s stored, etc. In fact, laws and acts and statutes that refer to ESI talk about “preserving” such data and leave the means of preservation up to the holders, i.e. the IT organization.

Rich is the Product Marketing Manager, Information Management. He's been with Barracuda since the acquisition of C2C Systems in 2014. Rich specializes in cloud-deployed solutions, information management, and archiving systems. His experience includes extensive work on OEM opportunities and the legal community.

PST FILES PRESENT A HIGH SECURITY RISK

PST files are highly portable; they can be disconnected from Outlook and copied or moved to another Outlook client very easily.

They can be password protected, although a simple search on the internet will find any number of programs that can crack these passwords. This puts end user data and intellectual property data at high risk.

They can be seen as a great way of moving email data between people and/or organizations quickly.

PST FILES ARE UNRELIABLE AND PLACE PRESSURE ON IT SUPPORT

PSTs were never designed to hold large amounts of email data yet users dump emails into them unaware of the data risk these notoriously unreliable files present as they often corrupt.

Power outages, PC crashes or inadvertently ‘closing’ the PST disconnects it from the Outlook profile. It’s then usually overlooked or lost, creating an uncoupled or ‘orphaned’ PST which is invisible to IT but can still contain valuable information that needs to be preserved or discovered.

These files take up nearly 15% of an IT department's daily helpdesk calls.

PST FILES COMPROMISE EDISCOVERY REQUESTS

When an organization is subject to a legal hold request and needs to identify information including emails that are relevant to a particular issue, any emails that are contained in PST files won’t be identified because their contents are available only to their end-user.

Since most legal discovery occurs sometime after the alleged incident, not knowing the location or the owner of PST files can make Legal Hold, eDiscovery requests incredibly challenging.

PST FILES FALL OUTSIDE OF COMPLIANCE REQUIREMENTS

The PST itself is merely a container file and does not fall under compliance requirements but the emails and attachments that are hidden within it DO. If the IT department is not managing PST files, best practice is jeopardized.

PST files often contain emails which should have been managed but, owing to restrictions on access they are not subject to the usual retention, deletion or classification policies.

PST FILES ARE INCREDIBLY ELUSIVE

PST files can be located almost anywhere – desktops, laptops, corporate servers, removable media, even home PCs. Over 65% of users store PST files on laptops and 20% of users store them on portable storage devices.

Outlook must have access to the location where the PST is stored, fine for office-based users who have the same access to local or network storage, but if users work from different desktops or locations they may not be able to gain access to the PSTs.

Also, if the Outlook Web App (OWA) is utilized, users will have no access to the files.

PST FILES CREATE STORAGE, BACKUP AND RETENTION PROBLEMS

If PSTs located on desktops or laptops fall outside the corporate backup strategy, they’re neither backed up nor protected. If located on network shares, they’re probably being backed up, but this also brings challenges.

Each time Outlook connects to a PST, it’s marked as requiring backup (even if nothing has changed). It will then back up the entire PST container file.

The average PST file is 1.3gb (around 100,000+ emails). Multiply that by the number of users using or storing PSTs and you’ll understand the massive impact on backup windows and restore times

PST FILES CAN DERAIL STRATEGIC IT PROJECTS

If you’re looking to migrate to Microsoft online platforms, PSTs should be considered as part of the project.

Consolidating all email data into the online Exchange environment not only enhances user experience and productivity, it ensures that any legacy data is protected.

Similarly, a refresh to either new hardware or a virtual environment can be impacted by PST files which can be located anywhere in the desktop environment. A large amount of data is put at risk if they are not discovered and handled correctly.

The PSTs could be anywhere. They could be on a network share, they may be in a current user location or somewhere that was used a number of years ago. Therefore, you will need to search all server locations. They could be on a local drive, on a desktop machine, a laptop or even on someone's computer at home. This could occur if they were using Outlook from their home computer.

Finding the ones on a server drive should be relatively straightforward, just taking up a certain amount of time and effort! However, finding PSTs on a local drive is virtually impossible without the right application. This is where you need PST management from C2C.

C2C's PST management exists in a number of their products; it provides the ability to locate PSTs on a local drive by scanning the drive(s) from an Outlook session. An Outlook add-in will find the local PSTs and report back to the admin any information on their size and location. It can also report back on the content of the PST such as number of emails, or examine the content of emails and their attachments.

The software depends on users logging in to Outlook, so it may take a few days to gather all the information, but in a relatively short period of time, the admin will benefit from knowledge about all the PSTs and their locations.

Then the issue moves onto the decision about what to do with these unassociated PSTs.

After you have understood the implications of an unassociated PST, you will probably be asking yourself, how can I find them? And then you will be wondering what your options are regarding the recovery of the PST itself.

If you have used the C2C PST management software to find the PSTs, you will now know how many PSTs you have, along with their size, the number of emails contained within them and their location.

The issue now is: what can I do with them?

If they are a current employee, then the PST needs to be associated to the user and managed that way.

If the owner has left the organization, then the answer is to comply with company policy, or perhaps the former owner's manager will have a view.

The options range from;

Deleting the PST (risky, as it may contain valuable data)

Moving the PST to a known location

Deleting any unwanted email, as this reduces the volume of emails and increases the relevancy of the data being held. This, this can be achieved by;

o Deleting emails with a certain profile (e.g. all emails containing MP3, AVI, or WMV attachments)
o Deleting mail over a certain age

Importing the PST into an archive where it can be managed.

Although it is possible to “just import” the PST, it is advisable to remove any unwanted data. This reduces the amount of work during the import AND reduces the liability on your organization through holding these unnecessary emails.